<!DOCTYPE html>



  


<html class="theme-next mist use-motion" lang="zh-Hans">
<head>
  <meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform" />
<meta http-equiv="Cache-Control" content="no-siteapp" />
















  
  
  <link href="/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css" />







<link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css" />

<link href="/css/main.css?v=5.1.4" rel="stylesheet" type="text/css" />


  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Hexo, NexT" />










<meta name="description" content="之前写过一篇有关java内部安全机制和沙箱的一片文章,那一篇中jvm是基于代码的维度进行权限管理的,但是java在java1.4内置一个JAAS基于用户的权限管理(虽然个人觉得这个东西非常鸡肋,适合单体应用并不适合现在的微服务和分布式框架,因为有个非常坑爹的配置文件-我权限管理都是使用数据库实现的:disappointed_relieved:)  JAAS的大体组成 客户端通过一个LoginCo">
<meta property="og:type" content="article">
<meta property="og:title" content="kyssion-blog">
<meta property="og:url" content="http://yoursite.com/2018/10/09/java-JAAS(Java 认证和授权服务)/index.html">
<meta property="og:site_name" content="kyssion-blog">
<meta property="og:description" content="之前写过一篇有关java内部安全机制和沙箱的一片文章,那一篇中jvm是基于代码的维度进行权限管理的,但是java在java1.4内置一个JAAS基于用户的权限管理(虽然个人觉得这个东西非常鸡肋,适合单体应用并不适合现在的微服务和分布式框架,因为有个非常坑爹的配置文件-我权限管理都是使用数据库实现的:disappointed_relieved:)  JAAS的大体组成 客户端通过一个LoginCo">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2018-10-09T07:22:37.333Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="kyssion-blog">
<meta name="twitter:description" content="之前写过一篇有关java内部安全机制和沙箱的一片文章,那一篇中jvm是基于代码的维度进行权限管理的,但是java在java1.4内置一个JAAS基于用户的权限管理(虽然个人觉得这个东西非常鸡肋,适合单体应用并不适合现在的微服务和分布式框架,因为有个非常坑爹的配置文件-我权限管理都是使用数据库实现的:disappointed_relieved:)  JAAS的大体组成 客户端通过一个LoginCo">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Mist',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: '博主'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="http://yoursite.com/2018/10/09/java-JAAS(Java 认证和授权服务)/"/>





  <title> | kyssion-blog</title>
  








</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/"  class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">kyssion-blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br />
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-about">
          <a href="/about/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-user"></i> <br />
            
            关于
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br />
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br />
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br />
            
            归档
          </a>
        </li>
      
        
        <li class="menu-item menu-item-schedule">
          <a href="/schedule/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-calendar"></i> <br />
            
            日程表
          </a>
        </li>
      
        
        <li class="menu-item menu-item-sitemap">
          <a href="/sitemap.xml" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-sitemap"></i> <br />
            
            站点地图
          </a>
        </li>
      
        
        <li class="menu-item menu-item-commonweal">
          <a href="/404/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-heartbeat"></i> <br />
            
            公益404
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="http://yoursite.com/2018/10/09/java-JAAS(Java 认证和授权服务)/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="kyssion">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/images/avatar.gif">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="kyssion-blog">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline"></h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2018-10-09T15:22:37+08:00">
                2018-10-09
              </time>
            

            

            
          </span>

          

          
            
          

          
          

          

          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <blockquote>
<p>之前写过一篇有关java内部安全机制和沙箱的一片文章,那一篇中jvm是基于代码的维度进行权限管理的,但是java在java1.4内置一个JAAS基于用户的权限管理(虽然个人觉得这个东西非常鸡肋,适合单体应用并不适合现在的微服务和分布式框架,因为有个非常坑爹的配置文件-我权限管理都是使用数据库实现的:disappointed_relieved:)</p>
</blockquote>
<h3 id="JAAS的大体组成"><a href="#JAAS的大体组成" class="headerlink" title="JAAS的大体组成"></a>JAAS的大体组成</h3><ol>
<li>客户端通过一个LoginContext对象与JAAS相互作用，这个LoginContext对象提供了一种开发应用程序的方式，它不依赖于底层的认证技术。</li>
<li>LoginContext：是javax.security.auth.login包里的一个类，它描述了用于验证对象(subjects)的方法。</li>
<li>Subject：就是在某个你想去认证和分配访问权限的系统里的一个标识。一个主体(subject)可能是一个用户、一个进程或者是一台机器，它用javax.security.auth.Subject类表示。</li>
<li>java.security.Principal： 由于一个Subject可能涉及多个授权（一个网上银行密码和另一个电子邮件系统），java.security.Principal就被用作在那些关联里的标识。也就是说，该Principal接口是一个能够被用作代表某个实体、公司或者登陆ID的抽象概念。一个Subject可能包含多个Principles. 稍后将有一个示例类实现了这个Principal接口。</li>
<li>LoginContext对象调用负责实现和执行认证的LoginModules。LoginModule接口(在javax.security.auth.spi 包里)必须让认证技术的提供者去实现，并且能够被应用程序指定提供一个特定认证类型。<ul>
<li>LoginContext： 用来读取Configuaration和实例化特定的LoginModules.</li>
<li>Configuaration： 被某个特定的应用程序用作指定认证技术或者LoginModule。因此，不同的LoginModules能够被应用到某个应用程序而不用对这个应用程序做任何的代码修改。</li>
</ul>
</li>
<li>CallbackHandler 安全机制的回调器处理器,用来处理和显示回调的信息<h3 id="一个例子"><a href="#一个例子" class="headerlink" title="一个例子"></a>一个例子</h3></li>
</ol>
<blockquote>
<p>主类:关键的一句第八行-在配置文件example.conf里，实体名”WeatherLogin”就是被MyClient.java用作关联这个实体的名字。这里同时还将一个回调处理程序传给了底层的LoginModule，因此他们能够通过提示用户名/密码同用户进行交流和作用，例如：通过文本或者图形用户接口。一旦LoginContext已经被实例化了，login方法就被调用去登陆.</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// LoginContext：是javax.security.auth.login包里的一个类，它描述了用于验证对象(subjects)的方法。  </span></span><br><span class="line"><span class="comment">// LoginContext对象调用负责实现和执行认证的LoginModules。  </span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">MyClient</span> </span>&#123;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">void</span> <span class="title">main</span><span class="params">(String[] args)</span> </span>&#123;</span><br><span class="line">		LoginContext context = <span class="keyword">null</span>;</span><br><span class="line">		<span class="keyword">try</span> &#123;</span><br><span class="line">			<span class="comment">// 在配置文件example.conf里，实体名"WeatherLogin"就是被MyClient.java用作关联这个实体的名字。</span></span><br><span class="line">			context = <span class="keyword">new</span> LoginContext(<span class="string">"WeatherLogin"</span>, <span class="keyword">new</span> MyCallbackHandler());</span><br><span class="line">		&#125; <span class="keyword">catch</span> (LoginException le) &#123;</span><br><span class="line">			System.err.println(<span class="string">"LoginContext cannot be created. "</span> + le.getMessage());</span><br><span class="line">			System.exit(-<span class="number">1</span>);</span><br><span class="line">		&#125; <span class="keyword">catch</span> (SecurityException se) &#123;</span><br><span class="line">			System.err.println(<span class="string">"LoginContext cannot be created. "</span> + se.getMessage());</span><br><span class="line">		&#125;</span><br><span class="line">		<span class="keyword">try</span> &#123;</span><br><span class="line">			context.login();<span class="comment">//使用反射调用出自己定义的实现LoginModules的类</span></span><br><span class="line">		&#125; <span class="keyword">catch</span> (LoginException le) &#123;</span><br><span class="line">			System.out.println(<span class="string">"Authentication failed. "</span> + le.getMessage());</span><br><span class="line">			System.exit(-<span class="number">1</span>);</span><br><span class="line">		&#125;</span><br><span class="line">		System.out.println(<span class="string">"authentication succeeded."</span>);</span><br><span class="line">		System.exit(-<span class="number">1</span>);</span><br><span class="line">	&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>回调类:底层安全服务可能要求通过传递单个的callbacks到回调处理程序。基于传递的callbacks，回调处理程序决定怎样去获取和显示信息。</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// 一个基于JAAS的应用程序实现了CallbackHandler接口，  </span></span><br><span class="line"><span class="comment">// 因此它能够提示用户去输入特定的认证信息，比如用户名或者密码，或者显示错误或者警告信息。  </span></span><br><span class="line"><span class="comment">// 基于传递的callbacks，回调处理程序决定怎样去获取和显示信息。  </span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">MyCallbackHandler</span> <span class="keyword">implements</span> <span class="title">CallbackHandler</span> </span>&#123;</span><br><span class="line">	<span class="meta">@Override</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">handle</span><span class="params">(Callback[] callbacks)</span> <span class="keyword">throws</span> IOException, UnsupportedCallbackException </span>&#123;</span><br><span class="line">		<span class="keyword">for</span> (<span class="keyword">int</span> i = <span class="number">0</span>; i &lt; callbacks.length; i++) &#123;</span><br><span class="line">			<span class="keyword">if</span> (callbacks[i] <span class="keyword">instanceof</span> NameCallback) &#123;</span><br><span class="line">				NameCallback nc = (NameCallback) callbacks[<span class="number">0</span>];</span><br><span class="line">				System.err.println(nc.getPrompt());</span><br><span class="line">				System.err.flush();</span><br><span class="line">				String name = (<span class="keyword">new</span> BufferedReader(<span class="keyword">new</span> InputStreamReader(System.in))).readLine();</span><br><span class="line">				nc.setName(name);</span><br><span class="line">			&#125; <span class="keyword">else</span> &#123;</span><br><span class="line">				<span class="keyword">throw</span> <span class="keyword">new</span> UnsupportedCallbackException(callbacks[i], <span class="string">"callback handler not support"</span>);</span><br><span class="line">			&#125;</span><br><span class="line">		&#125;</span><br><span class="line">	&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>Module类:真实的控制操作类</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// 以下代码展示了一个LoginModule简单的实现. 这个例子是非常简单的，  </span></span><br><span class="line"><span class="comment">// 因为他仅仅有一个认证字符串和一个Principal（特征） "SunnyDay", 两个都是硬编码。  </span></span><br><span class="line"><span class="comment">// 如果去login，系统将显示"What is the weather like today?", 如果答案是"Sunny", 用户就能通过。  </span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">WeatherLoginModule</span> <span class="keyword">implements</span> <span class="title">LoginModule</span> </span>&#123;</span><br><span class="line">	<span class="keyword">private</span> Subject subject;</span><br><span class="line">	<span class="keyword">private</span> ExamplePrincipal entity;</span><br><span class="line">	<span class="keyword">private</span> CallbackHandler callbackhandler;</span><br><span class="line">	<span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="keyword">int</span> NOT = <span class="number">0</span>;</span><br><span class="line">	<span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="keyword">int</span> OK = <span class="number">1</span>;</span><br><span class="line">	<span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> <span class="keyword">int</span> COMMIT = <span class="number">2</span>;</span><br><span class="line">	<span class="keyword">private</span> <span class="keyword">int</span> status;</span><br><span class="line">	<span class="comment">// initialize: 这个方法的目的就是用有关的信息去实例化这个LoginModule。</span></span><br><span class="line">	<span class="comment">// 如果login成功，在这个方法里的Subject就被用在存储Principals和Credentials.</span></span><br><span class="line">	<span class="comment">// 注意这个方法有一个能被用作输入认证信息的CallbackHandler。在这个例子里，我没有用CallbackHandler.</span></span><br><span class="line">	<span class="comment">// CallbackHandler是有用的，因为它从被用作特定输入设备里分离了服务提供者。</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">initialize</span><span class="params">(Subject subject, CallbackHandler callbackhandler, Map state, Map options)</span> </span>&#123;</span><br><span class="line">		status = NOT;</span><br><span class="line">		entity = <span class="keyword">null</span>;</span><br><span class="line">		<span class="keyword">this</span>.subject = subject;</span><br><span class="line">		<span class="keyword">this</span>.callbackhandler = callbackhandler;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="comment">// login: 请求LoginModule去认证Subject. 注意此时Principal还没有被指定。</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">boolean</span> <span class="title">login</span><span class="params">()</span> <span class="keyword">throws</span> LoginException </span>&#123;</span><br><span class="line">		<span class="keyword">if</span> (callbackhandler == <span class="keyword">null</span>) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> LoginException(<span class="string">"No callback handler is available"</span>);</span><br><span class="line">		&#125;</span><br><span class="line">		Callback callbacks[] = <span class="keyword">new</span> Callback[<span class="number">1</span>];</span><br><span class="line">		callbacks[<span class="number">0</span>] = <span class="keyword">new</span> NameCallback(<span class="string">"What is the weather like today?"</span>);</span><br><span class="line">		String name = <span class="keyword">null</span>;</span><br><span class="line">		<span class="keyword">try</span> &#123;</span><br><span class="line">			<span class="comment">// 调用 MyCallbackHandler.java 中的 handle 方法进行处理</span></span><br><span class="line">			<span class="comment">// 以读入用户输入的认证信息（如 username）</span></span><br><span class="line">			callbackhandler.handle(callbacks);</span><br><span class="line">			name = ((NameCallback) callbacks[<span class="number">0</span>]).getName();</span><br><span class="line">		&#125; <span class="keyword">catch</span> (java.io.IOException ioe) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> LoginException(ioe.toString());</span><br><span class="line">		&#125; <span class="keyword">catch</span> (UnsupportedCallbackException ce) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> LoginException(<span class="string">"Error: "</span> + ce.getCallback().toString());</span><br><span class="line">		&#125;</span><br><span class="line">		<span class="keyword">if</span> (name.equals(<span class="string">"Sunny"</span>)) &#123;</span><br><span class="line">			entity = <span class="keyword">new</span> ExamplePrincipal(<span class="string">"SunnyDay"</span>);</span><br><span class="line">			status = OK;</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">true</span>;</span><br><span class="line">		&#125; <span class="keyword">else</span> &#123;</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">false</span>;</span><br><span class="line">		&#125;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="comment">// commit: 如果LoginContext的认证全部成功就调用这个方法。</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">boolean</span> <span class="title">commit</span><span class="params">()</span> <span class="keyword">throws</span> LoginException </span>&#123;</span><br><span class="line">		<span class="keyword">if</span> (status == NOT) &#123;</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">false</span>;</span><br><span class="line">		&#125;</span><br><span class="line">		<span class="keyword">if</span> (subject == <span class="keyword">null</span>) &#123;</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">false</span>;</span><br><span class="line">		&#125;</span><br><span class="line">		Set entities = subject.getPrincipals();</span><br><span class="line">		<span class="keyword">if</span> (!entities.contains(entity)) &#123;</span><br><span class="line">			entities.add(entity);</span><br><span class="line">		&#125;</span><br><span class="line">		status = COMMIT;</span><br><span class="line">		<span class="keyword">return</span> <span class="keyword">true</span>;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="comment">// abort: 通知其他LoginModule供应者或LoginModule模型认证已经失败了。整个login将失败。</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">boolean</span> <span class="title">abort</span><span class="params">()</span> <span class="keyword">throws</span> LoginException </span>&#123;</span><br><span class="line">		<span class="keyword">if</span> ((subject != <span class="keyword">null</span>) &amp;&amp; (entity != <span class="keyword">null</span>)) &#123;</span><br><span class="line">			Set entities = subject.getPrincipals();</span><br><span class="line">			<span class="keyword">if</span> (entities.contains(entity)) &#123;</span><br><span class="line">				entities.remove(entity);</span><br><span class="line">			&#125;</span><br><span class="line">		&#125;</span><br><span class="line">		subject = <span class="keyword">null</span>;</span><br><span class="line">		entity = <span class="keyword">null</span>;</span><br><span class="line">		status = NOT;</span><br><span class="line">		<span class="keyword">return</span> <span class="keyword">true</span>;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="comment">// logout: 通过从Subject里移除Principals和Credentials注销Subject。</span></span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">boolean</span> <span class="title">logout</span><span class="params">()</span> <span class="keyword">throws</span> LoginException </span>&#123;</span><br><span class="line">		subject.getPrincipals().remove(entity);</span><br><span class="line">		status = NOT;</span><br><span class="line">		subject = <span class="keyword">null</span>;</span><br><span class="line">		<span class="keyword">return</span> <span class="keyword">true</span>;</span><br><span class="line">	&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<blockquote>
<p>Principal : Principal接口的一个实现。</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment">// ExamplePrincipal 展示了Principal（主体特征）接口的一个实现。   </span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">ExamplePrincipal</span> <span class="keyword">implements</span> <span class="title">Principal</span> </span>&#123;</span><br><span class="line">	<span class="keyword">private</span> <span class="keyword">final</span> String name;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="title">ExamplePrincipal</span><span class="params">(String name)</span> </span>&#123;</span><br><span class="line">		<span class="keyword">if</span> (name == <span class="keyword">null</span>) &#123;</span><br><span class="line">			<span class="keyword">throw</span> <span class="keyword">new</span> IllegalArgumentException(<span class="string">"Null name"</span>);</span><br><span class="line">		&#125;</span><br><span class="line">		<span class="keyword">this</span>.name = name;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> String <span class="title">getName</span><span class="params">()</span> </span>&#123;</span><br><span class="line">		<span class="keyword">return</span> name;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> String <span class="title">toString</span><span class="params">()</span> </span>&#123;</span><br><span class="line">		<span class="keyword">return</span> <span class="string">"ExamplePrinciapl: "</span> + name;</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">boolean</span> <span class="title">equals</span><span class="params">(Object obj)</span> </span>&#123;</span><br><span class="line">		<span class="keyword">if</span> (obj == <span class="keyword">null</span>)</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">false</span>;</span><br><span class="line">		<span class="keyword">if</span> (obj == <span class="keyword">this</span>)</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">true</span>;</span><br><span class="line">		<span class="keyword">if</span> (!(obj <span class="keyword">instanceof</span> ExamplePrincipal))</span><br><span class="line">			<span class="keyword">return</span> <span class="keyword">false</span>;</span><br><span class="line">		ExamplePrincipal another = (ExamplePrincipal) obj;</span><br><span class="line">		<span class="keyword">return</span> name.equals(another.getName());</span><br><span class="line">	&#125;</span><br><span class="line">	<span class="function"><span class="keyword">public</span> <span class="keyword">int</span> <span class="title">hasCode</span><span class="params">()</span> </span>&#123;</span><br><span class="line">		<span class="keyword">return</span> name.hashCode();</span><br><span class="line">	&#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
<h3 id="配置文件设置"><a href="#配置文件设置" class="headerlink" title="配置文件设置"></a>配置文件设置</h3><blockquote>
<p>LoginContext通过读取Configuration去决定那个LoginModule将被使用。</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">WeatherLogin</span><br><span class="line">&#123;</span><br><span class="line">    com.kys.WeatherLoginModule required;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>
<p>使用下面的命令（指定了login配置文件）运行客户端.</p>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">prompt&gt; java -Djava.security.auth.login.config=example.conf MyClient</span><br></pre></td></tr></table></figure>
<blockquote>
<p>引申:如果开启了安全模式java -Djava.security.manager,需要指定安全策略的</p>
</blockquote>
<figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">grant codebase <span class="string">"file:./*"</span></span><br><span class="line">&#123;</span><br><span class="line">  permission javax.security.auth.AuthPermission <span class="string">"createLoginContext"</span>;</span><br><span class="line">  permission javax.security.auth.AuthPermission <span class="string">"modifyPrincipals"</span>;</span><br><span class="line">&#125;;</span><br></pre></td></tr></table></figure>
<p>运行如下的命令运行<br><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">java -Djava.security.manager -Djava.security.policy==policy.txt -Djava.security.auth.login.config==example.conf MyClient</span><br></pre></td></tr></table></figure></p>
<blockquote>
<p>结束语: 看看就好了,知道是个啥就行了,基本上用不上</p>
</blockquote>

      
    </div>
    
    
    

    

    

    

    <footer class="post-footer">
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/2018/10/09/go语言学习笔记（一)/" rel="next" title="">
                <i class="fa fa-chevron-left"></i> 
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/2018/10/09/element-ui学习笔（一）/" rel="prev" title="">
                 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  



        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
            
              <p class="site-author-name" itemprop="name">kyssion</p>
              <p class="site-description motion-element" itemprop="description"></p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/archives/">
              
                  <span class="site-state-item-count">133</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                
                  <span class="site-state-item-count">3</span>
                  <span class="site-state-item-name">分类</span>
                
              </div>
            

            
              
              
              <div class="site-state-item site-state-tags">
                
                  <span class="site-state-item-count">2</span>
                  <span class="site-state-item-name">标签</span>
                
              </div>
            

          </nav>

          

          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#JAAS的大体组成"><span class="nav-number">1.</span> <span class="nav-text">JAAS的大体组成</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#一个例子"><span class="nav-number">2.</span> <span class="nav-text">一个例子</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#配置文件设置"><span class="nav-number">3.</span> <span class="nav-text">配置文件设置</span></a></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2018</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">kyssion</span>

  
</div>


  <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>



  <span class="post-meta-divider">|</span>



  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Mist</a> v5.1.4</div>




        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  












  
  
    <script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  


  


  <script type="text/javascript" src="/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/js/src/motion.js?v=5.1.4"></script>



  
  

  
  <script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  












  





  

  

  

  
  

  

  

  

</body>
</html>
